Steam is one of the most popular PC game marketplaces on the planet, with over 120 million monthly users. The site boasts a catalog of over 50,000 games and clocks 62 million users daily. So naturally, these kinds of numbers are bound to bring some unsavory elements in.
These elements can include hackers looking to steal your personal information, gamers looking to exploit the platform to play gamers for cheap or free, and more. While Valve discovers most of these folks and their cheat tech and bans from Steam well in time, some fly under the radar and are brought to notice by outside parties.
The latest Steam exploit to come to light could have been catastrophic for the platform as it allowed users to add unlimited amounts of money to their Steam wallets. But, thankfully, a group of hackers called Hackerone found the cheat and alerted Valve of the same.
Hackerone is a site that allows ethical hackers to connect with companies like Valve to tinker and hack through its sites, applications, and software. This enables them to detect vulnerabilities that could threaten their userbase and flag them to the appropriate authorities. As a result, the hackers are rewarded for their efforts.
Valve was alerted of the unlimited funds exploit by a user named drbrix. The bug allowed a player to receive an “amount100” in their Steam account’s email address, which intercepted payments made in Steam’s Smart2Pay system and artificially inflated them.
Therefore, anyone armed with the exploit could instantly generate any amount of money and break the market by buying and selling games for cheap. Since the potential consequences of this exploit were severe, a Valve employee going by JonP thanked drbrix for bringing the issue to light and confirmed that the company would investigate and deploy a fix.
According to a Valve spokesperson quoted in The Daily Swig, the issue is now resolved, and more importantly, no customer was impacted. What’s more, drbix received a handsome bounty of $7500 for their fix.
Currently, there is no word from Valve on how it plans to safeguard Steam against such platform-breaking bugs, but hopefully, the company will put some robust protections in place soon.
Steam is a video game digital distribution service by Valve Softwares. It was launched as a standalone software client in September 2003 as a way for Valve to provide automatic updates for their games and was subsequently expanded to include games from third-party publishers. Steam also serves as an online web-based and mobile digital storefront.